
TOP SECRET//COMINT//NOFORN 

NATIONAL SECURITY AGENCY 
CENTRAL SECURITY SERVICE 

FORT GEORGE G. MEADE, MARYLAND 20755 

APR 10 2009



MEMORANDUM FOR MAJORITY STAFF DIRECTOR, SENATE 
SELECT COMMITTEE ON INTELLIGENCE 

SUBJECT: (U) Congressional Notification - INFORMATION 
MEMORANDUM 

( TS//SI//NF ) I am pleased to report to the Committee the significant 
progress made to date to resolve the Business Records (BR) matter, to 
provide additional information to the Committee on other matters that have 
been addressed previously to the Committee and to notify the Committee of 
one additional matter which was only recently identified. NSA is committed 
to work each matter to a resolution that is consistent with Foreign 
Intelligence Surveillance Court (FISC) orders and our obligation to conduct 
our operations with due regard to United States Persons’ privacy. It is also 
NSA’s commitment to make our efforts transparent to the Committee by 
providing updates of significant developments. 

I. ( TS//SI//NF ) Compliance with the Foreign Intelligence Surveillance 
Court’s Business Records and Pen Register/Trap and Trace Orders: 

(TS//SI//NF) NSA notified the Committee on February 25, 2009 of a
compliance issue with the implementation of the FISC authorized Business 
Records (BR) Order. The issue of non-compliance was originally identified by 
DoJ in mid-January and reported to the FISC. In his February 13 
declaration to the Court, the Director of NSA committed to conducting end-to- 
end reviews of NSA’s implementation of both the BR and Pen Register/Trap 
and Trace (PR/TT) Court Orders. 

( TS//SI//NF ) NSA has aggressively taken actions to correct the 
problems noted with BR FISA order compliance, avoid a reoccurrence, and 
ensure future compliance. A 60-day end-to-end system engineering and 
process review, a review of oversight and compliance training for all 
personnel who access both BR and PR/TT FISA metadata, and a redesign of 
the automated alert process for follow-on systems are being worked 
simultaneously. The end-to-end reviews involve a complex investigation of at 
least eight major system components and over 240 subcomponents, serving 
multiple functions and users. Our review of these systems and components 
has, to date, surfaced only the following issues noted in this update. 

(U) Current operating capability/ functionality 

(TS//SI//NF) On February 20 NSA implemented a change in software
that shut off all automated accessing of metadata acquired pursuant to both
BR and PR/TT FISC orders. NSA accepted that this would disrupt processes
that had no identified compliance concerns, to include those supporting 
material acquired under the PR/TT FISA Court Order; however, NSA decided 
that halting automated access to the BR and PR/TT metadata to be the most 
prudent course of action. 



1. (U//FOUO) BR Operations/Mitigation

( TS//SI//NF ) Since the March 5, 2009 FISA Court order, the Court’s 
approval has been required for each selector before it is tasked for BR FISA 
metadata analysis. On March [illegible] manual access to BR FISA
metadata, [illegible] FISA Court-approved [illegible] with
[illegible]lowing multiple operational and technical reviews
to ensure compliance. While no deficiencies in analyst training had been 
noted, NSA has taken the extra precaution of providing additional 
compliance training and testing to all analysts accessing the BR FISA 
metadata prior to being approved for access. 



(TS//SI//NF) NSA has taken steps to minimize the impact of
suspending the BR automated tipping (or alert) processes. A limited number
of NSA analysts are now performing manual queries against 209 FISA
Court-approved [illegible]




2. (U// FOUO ) BR end-to-end review 

(TS//SI//NF) NSA systems engineers have made substantial progress
on the end-to-end review of the systems and analytic tools associated with BR 
FISA metadata. NSA engineers have reviewed more than 100 requirements 
documents, dataflow diagrams and system documentation records and are 
establishing a comprehensive plan to restore capabilities. In concert with the 
engineering review, NSA’s Office of Oversight and Compliance has completed 
approximately half of the 15 necessary audits of the BR FISA metadata 
queries. So far these audits have revealed inappropriate queries by two 
analysts of foreign telephone selectors. These violations were reported to the 
FISC in the Director’s 25 February 2009 Supplemental Declaration, which 
the Committee previously received. In addition, several of the audits have 
identified possible compliance issues that require further investigation. 

3. (U//FOUO) Additional BR matters identified or undergoing
review 

• (TS//SI//NF) As a result of authorized analysis, and as previously
reported to the Court, 275 reports containing 2,476 telephone 
numbers were disseminated to the FBI and CIA. While this 
dissemination was authorized, and the numbers were legitimately 
determined to be associated with international terrorism, they were 
also added prematurely to a list called the Station Table, a list
designed to store numbers determined by NSA to meet the
reasonable articulable suspicion standard “RAS-approved”. The 
problem identified is that these numbers did not undergo the 
formal NSA Office of General Counsel RAS-designation review as 
required by the Court prior to being added to the Station Table. 

• (TS//SI//NF) NSA continues to review whether additional
automated tools may have queried the business records metadata. 

• (TS//SI//NF) NSA is reviewing its application of the 5-year data
retention limitation provision of the FISC order. 

4. (U//FOUO) Status of BR training

(TS//SI//NF) NSA formed a team in early February to address both the 
immediate and long-term training required for analysts accessing metadata 
acquired through BR FISA and PR/TT FISA. The team initiated a redesign 
of the Agency’s BR FISA training and has administered BR FISA oral 
competency tests. Training for PR/TT FISA will involve a new curriculum 
and competency exam and is projected to be available by June 1, 2009. 

(TS//SI//NF) NSA is also updating its BR FISA Standard Operating
Procedures (SOP) document. An interim version of the new SOP details the 
processes and procedures governing access to BR FISA metadata. The 
interim SOP also describes the overall process to ensure consistency with the 
FISC order. The SOP will be revised as necessary as additional analytic tools 
are reinstated and automated processes are resumed following FISC 
approval. 

5. (U//FOUO) Status of PR/TT Operations and Review

(TS//SI//NF) NSA is also seeking DoJ approval to reactivate automated
querying of the PR/TT metadata after conducting a system level review of the 
PR/TT alerting system to ensure compliance. Of note, no compliance issues 
were found in NSA’s use of PR/TT metadata. NSA uses PR/TT metadata to 
chain across digital network selectors. However, as a result of the Court’s 
order, DoJ approval is required to reactivate any of the automated PR/TT 
processes that NSA voluntarily shut down. NSA anticipates receiving 
approval to resume the automated PR/TT alerting process soon. In the 
interim, as with BR FISA, NSA has taken steps to minimize the impact of 
suspending the PR/TT automated tipping process by ensuring the highest 
priority selectors undergo manual chaining. 

(TS//SI//NF) On March 31, 2009 DoJ lawyers visited NSA in
preparation for DoJ’s first “spot check” of the PR/TT FISA process in 
compliance with the FISA Court’s March 5, 2009 Order. NSA demonstrated 
the analytic tools used by analysts and provided a briefing on NSA’s progress 
in conducting the end-to-end system engineering and process reviews. NSA 
also described how it administers oversight and compliance of the PR/TT 
metadata flows. DoJ identified no new issues during general discussion. DoJ 
is scheduled to visit in late April for their first formal “spot check” on PR/TT
FISA as well as a routine review of BR FISA. 



( TS//SI//NF ) The end-to-end review of the PR/TT systems and 
processes is underway and will be concluded upon completion of the BR FISA 
review. 




II. (U//FOUO) [illegible] Overcollection

(S//SI//NF) This is to update the Committee on the matter of NSA’s 
incidental acquisition of data during the course of FISA Amendments Act 




The Committee previously received information on this matter on March 5, 
2009, in the Semiannual Report of the Department of Justice Concerning 
Acquisitions Under Section 702 of the FISA Amendments Act of 2008, 
prepared by the Department of Justice, and covering the period from 
September 4, 2008 through November 30, 2008 and on March 17, 2009, in the 
Semiannual Assessment of Compliance With FISA Amendments Act 
Procedures and Guidelines, prepared by the Attorney General and the 
Director of National Intelligence, covering the same time frame. The reports 
also stated that [illegible] had been reported to the Foreign Intelligence
Surveillance Court (FISC). 



(S//SI//NF) NSA supplements those reports by adding that [illegible] was an
issue considered by the Court during its review of the third FAA Certification 
that the Attorney General and the Director of National Intelligence have 
authorized. Certification [illegible] which was filed with the Court on January 12, 2009.
During the Court’s consideration of that certification, the FISC asked for and
received supplemental filings wherein NSA described the causes for and the
efforts to mitigate against [illegible]



(U// FOUO ) These mitigation efforts involve continuous process 
improvements to prevent and/or detect overcollection at the earliest possible 
point and the application of our targeting and minimization procedures 
regarding instances of overcollection, which include apprising ODNI and 
DOJ in a timely fashion whenever such incidents may occur in the future. 
NSA addressed the concerns expressed and the questions raised by the FISC
concerning [illegible].



(S//SI//NF) On April 7, 2009, the FISC approved Certification [illegible].
In accordance with the reporting requirements of the FISA Amendments Act,
the government will provide the Committee copies of the Court's Opinion and
Order, as well as of the government's application and pleadings in the
matter, to include the supplemental filings referenced above. 

III. (U//FOUO) DIA Joint Intelligence Task Force - Combating
Terrorism ( JITF-CT) Access to Counterterrorism-related SIGINT 
Information 



(U) This matter was first brought to the Committee’s attention by way 
of oral notification on March 31, 2009 to Committee staff directors with an 
understanding that this written notification would follow. 




program which allowed the DIA's Joint Intelligence Task Force - Combating 
Terrorism (JITF-CT) access to counterterrorism-related SIGINT information, 
including SIGINT collected pursuant to the Foreign Intelligence Surveillance
Court's (FISC) [illegible]. Access to this FISA data was tightly
controlled and was limited to JITF-CT analysts who had undergone training 
on the application of NSA minimization procedures to the FISA data and who 
were subject to NSA oversight of their activities. Moreover, these personnel 
were required to coordinate with NSA regarding dissemination of 
the information outside of JITF-CT. 

(U//FOUO) At the time the pilot program was created, NSA
determined that, once JITF-CT analysts were detailed to NSA they could be 
considered NSA “employees” pursuant to the FISC order for the purposes of 
their access to the FISA data. Under NSA’s analysis, although not reporting 
to an NSA management chain, once detailed to NSA, they were nevertheless 
operating under NSA control (training, oversight, accountability) when 
accessing the FISA data. 

(TS//SI//NF) In 2008, NSA’s Oversight and Compliance office was 
conducting a review of database access to unminimized SIGINT. As a result, 
a database known as [illegible] was found to lack sufficient controls over
analyst access to data. As a corrective measure, the database was 
reconfigured, “shutting it down” and bringing it back up under 
comprehensive controls. This was the database that JITF-CT analysts used
to access the FISA data [illegible] and these actions led to the loss of their
access. The NSA Office of General Counsel then reconsidered the basis for its
original concurrence on allowing JITF-CT analysts access to the FISA data.

(C//SI//NF) The NSA Office of General Counsel had questions
concerning whether the circumstances of JITF-CT analysts “detail”
supported the conclusion that they were NSA “employees” as originally
determined. The facts and circumstances were reported to DoJ. Upon
reviewing these facts, DoJ reported the matter to the FISC as a possible
compliance incident. NSA and DoJ continue to work to bring the matter to
conclusion with the FISC. Until this matter is resolved, NSA will not 
reinstate JITF-CT access to this FISA data. 




[illegible] there is no way to determine whether,
in fact, JITF-CT analysts accessed it without authorization. However, even if 
such access occurred, the analysts were trained in routine minimization 
procedures and were required to coordinate with NSA 

regarding dissemination of information outside of JITF-CT; thus it is unlikely 
that United States Persons’ identities were disseminated improperly. 



IV. (S//SI//NF) Suspension of [illegible]
Unminimized SIGINT Collection

(S//SI//NF) This is the first report to the Committee on this matter,
which concerns a decision to suspend [illegible] access to an NSA system
called X-KEYSCORE (XKS) [illegible] access to a part of [illegible]
relating to SIGINT collected under the authority of [illegible]
X-KEYSCORE (XKS). [illegible] this access is predicated on the principle that
collaboration against counter-terrorism is essential to discover and pre-empt
terrorist acts [illegible]

[illegible] review of this access NSA is considering whether allowing this
[illegible] access to unminimized SIGINT collection fully complies with
NSA procedures. The review is considering whether additional automated
and/or manual procedures should be in place with [illegible] prior to
restoring their access to this stream of SIGINT.

(U) NSA is continuing to review the facts and circumstances 
concerning this matter. Should you have any questions, please contact me at




Deputy Associate Director of Legislative Affairs 

Copy Furnished: 

Minority Staff Director, Senate 

Select Committee on Intelligence 